Text Size

WELCOME BACK CONGRESS: HERE’S YOUR TO-DO LIST – Members of Congress return to D.C. today — and to a full load of work, as just 20 scheduled legislative days in the Senate and 16 in the House stand between now and August recess. Conventional wisdom is that after August, members’ attention will be focused on the November midterms and any chance of legislative progress will evaporate, making the rest of July critical for advancing any bills that lawmakers want done before the end of the year.

First on the list may be cybersecurity information sharing: Senate Intel is set to mark up its version of the legislation, CISA, on Tuesday, MC hears. Supporters of the bill say they can get through conference with the House-passed version, CISPA, and get something to the president’s desk if the Senate can act on its piece before recess — but hurdles remain on that front. Industry still has some concerns with the Senate version, although it’s largely supportive of the draft, but privacy groups have come out in full force against CISA much as they did with CISPA. Supporters hope that if NSA reform passes, some of that opposition will ease — but that’s no done deal yet either. More on that below.

CISA/CISPA is just one piece of the puzzle: Congress still has plenty of other loose ends to tie up on the cybersecurity front. Appropriations and authorization packages are still moving at varying speeds, including the National Defense Authorization Act, Intel authorization, Defense and DHS appropriations and the Commerce, Justice, Science appropriations package that got pulled from the floor as part of the minibus effort in the Senate. Add onto that the NSA reform package, the USA FREEDOM Act, which is working its way through the Senate Judiciary and Intelligence Committees, plus FISMA, FITARA and NCCIC and workforce bills that the Senate Homeland Security Committee moved on. There’s also still talk of ECPA reform and Rep. Lee Terry’s data breach bill in the House, language of which has yet to be released. Guess what? We’ll be tracking all that and more. (Plus more on what else Congress has on their plate, from POLITICO’s Burgess Everett: http://politi.co/1kun4i2)

HAPPY MONDAY and welcome to Morning Cybersecurity, where we had a wonderfully restful Fourth of July holiday weekend. Hope you all had the same! As always, send your thoughts, tips and feedback to tkopan@politico.com and follow @talkopan, @POLITICOPro and @MorningCybersec. Full team info is below.

HEY CAMPAIGNS, GOT CYBERSECURITY? – Campaigns have the perfect combination of high-stakes, high-pressure environments, infrastructures operating by the skin of their teeth and top-of-the-line data mining operations that make them a very attractive target for hackers, criminals and ideological foes alike, POLITICO’s Byron Tau reports. “Recent years have seen more and more mischief in cyber campaign land. Data breaches and misplaced donor or voter information can fall into the wrong hands. Foreign intelligence services have reportedly found their way into campaign servers. Hackers looking to embarrass politicians have altered campaign websites. And credit card scammers have found that making small donations are a great way to test stolen MasterCard and Visa numbers.”

“‘If the U.S. government, the Chamber of Commerce, Target and others who presumably spend millions or even billions on cybersecurity measures still have to contend with security breaches, hacks and so on every so often, it really shouldn’t surprise anyone to know that political campaigns are vulnerable to exactly the same kind of threat,’ said Liz Mair, a digital consultant and former online communications director at the Republican National Committee. But given campaigns aren’t built for the long-haul and the focus is on winning, security takes a back seat.” Byron with the story: http://politi.co/TXn43w

WEEKEND FIREWORKS, VIA WAPO: NSA CATCHES MORE MUNDANE THAN NEFARIOUS — The vast majority (about 90 percent) of Americans and non-Americans whose data has been gathered by NSA’s bulk collection programs were ordinary Internet users, not targets of foreign surveillance, The Washington Post reported on Saturday. The report was based on a large trove of intercepted conversations leaker Edward Snowden provided in full to the Post’s Barton Gellman and colleagues. The newspaper’s four-month review of the documents highlights the NSA programs’ central policy conundrum, according to the reporters: While they contain the intimate personal communications of many innocent non-targets, they also disclose real dangers. The latter included “fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks.” The story: http://wapo.st/1xyyGZF

-- WHAT DOES THIS MEAN FOR REFORM? That's the next big question. Ed Black, president of the Computer & Communications Industry Association, which lobbies for open competition in the computer, telecom and Internet space, thinks the report could swing a few key votes among lawmakers who might have been just slightly skeptical. "Maybe this adds a little ammunition to them understanding that when people are trying to close loopholes, they're doing it for a reason," he said. At least so far, lawmakers haven't shown a great deal of appetite for reforming Section 702; the USA FREEDOM Act currently up for consideration in the Senate is largely silent on that type of collection. And while the House overwhelmingly passed an amendment that would require warrants to search the types of data outlined in the Post report, there's no clear champion yet for similar legislative language in the Senate. Nor have the revelations set off too many fireworks off the Hill, at least not yet — none of the major tech companies or their representatives, save Black, had comment over the holiday weekend.

FIREYE LAUNCHES CHALLENGE FOR PROSPECTS – Security firm FireEye today is kicking off a series of binary puzzles designed to attract prospective cyber buffs to prove their skills — potentially leading to a job. The challenge is for The FireEye Labs Advanced Reverse Engineering (FLARE) team, “an elite technical group of malware analysts, researchers, and hackers,” the website says. “We are looking to hire smart individuals interested in reverse engineering. We have created this series of binary challenges to test your skills. We encourage anyone to participate and practice their skills while having fun!” A spokesman for the company said those who complete the challenge will get a prize in the form of “challenge coin,” and may be contacted for follow-up and possibly an interview with the company. The challenge kicks off this afternoon. Until then, the site is a countdown clock: http://flare-on.com/

TODAY: LAWMAKERS, PRIVACY ADVOCATES TALK NSA – Reps. Zoe Lofgren and Alan Grayson will kick off a New America Foundation event today with video-recorded greetings, then Google's David Lieber, CDT's Joe Hall, NAF's Bruce Schneier and Kevin Bankston and other privacy advocates will sit down for a panel discussion on the NSA's surveillance practices and efforts at legislative reform. Expect Lofgren to talk up the House-passed language she sponsored that prohibits the government from searching American's data without a warrant. "We sent a strong signal that if the government wants to collect information on US citizens — get a warrant," she'll say today. "But our work is not done. … We need to continue pushing to protect private information and data security. And we need the Senate to follow suit." Things kick off at 4 p.m. today, and will be livestreamed here: http://bit.ly/1vBpe4B

QUICK BYTES

-- A new project promises a stealthy spy-proof IM service for whistleblowers and other sources who want to stay anonymous. The Register: http://bit.ly/1rEZwPa